PT-2005-3367 · Kayako · Kayako Liveresponse

James Bercegay · Published 2005-12-31 · Updated 2016-10-18 · CVE-2005-2462

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Kayako liveResponse versions 2.x

Description: The issue allows local users and possibly remote attackers to gain privileges by exploiting the fact that passwords are recorded in plaintext in the URL when a user logs in.

Recommendations: For Kayako liveResponse versions 2.x, consider disabling the login functionality until a fix is available to prevent passwords from being recorded in plaintext. Restrict access to the login module to minimize the risk of exploitation. Avoid using the password parameter in the affected login endpoint until the issue is resolved.

Related identifiers

CVE-2005-2462

Affected products

Kayako Liveresponse